Implement email verification feature, add registration form, and update user entity for verification status

2026-03-05 20:44:19 +01:00 · 2025-04-20 19:34:27 +02:00
parent c70f713f7e
commit 4bcab2724a
40 changed files with 1149 additions and 269 deletions
--- a/src/Controller/BackofficeController.php
+++ b/src/Controller/BackofficeController.php
@@ -6,24 +6,35 @@ namespace App\Controller;

 use App\Entity\Quiz;
 use App\Entity\Season;
+use App\Entity\User;
 use App\Repository\CandidateRepository;
 use App\Repository\SeasonRepository;
+use App\Security\Voter\SeasonVoter;
+use Symfony\Bundle\SecurityBundle\Security;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpKernel\Attribute\AsController;
 use Symfony\Component\Routing\Attribute\Route;
+use Symfony\Component\Security\Http\Attribute\IsGranted;

 #[AsController]
+#[IsGranted('ROLE_USER')]
 final class BackofficeController extends AbstractController
 {
    public function __construct(
        private readonly SeasonRepository $seasonRepository,
        private readonly CandidateRepository $candidateRepository,
+        private readonly Security $security,
    ) {}

    #[Route('/backoffice/', name: 'app_backoffice_index')]
    public function index(): Response
    {
-        $seasons = $this->seasonRepository->findAll();
+        $user = $this->getUser();
+        \assert($user instanceof User);
+
+        $seasons = $this->security->isGranted('ROLE_ADMIN')
+            ? $this->seasonRepository->findAll()
+            : $this->seasonRepository->getSeasonsForUser($user);

        return $this->render('backoffice/index.html.twig', [
            'seasons' => $seasons,
@@ -31,6 +42,7 @@ final class BackofficeController extends AbstractController
    }

    #[Route('/backoffice/{seasonCode}', name: 'app_backoffice_season')]
+    #[IsGranted(SeasonVoter::EDIT, subject: 'season')]
    public function season(Season $season): Response
    {
        return $this->render('backoffice/season.html.twig', [
--- a/src/Controller/LoginController.php
+++ b/src/Controller/LoginController.php
@@ -11,7 +11,7 @@ use Symfony\Component\Routing\Attribute\Route;
 use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;

 #[AsController]
-class LoginController extends AbstractController
+final class LoginController extends AbstractController
 {
    #[Route(path: '/login', name: 'app_login_login')]
    public function login(AuthenticationUtils $authenticationUtils): Response
@@ -29,7 +29,7 @@ class LoginController extends AbstractController
    }

    #[Route(path: '/logout', name: 'app_login_logout')]
-    public function logout(): void
+    public function logout(): never
    {
        throw new \LogicException('This method can be blank - it will be intercepted by the logout key on your firewall.');
    }
--- a/src/Controller/PrepareEliminationController.php
+++ b/src/Controller/PrepareEliminationController.php
@@ -8,10 +8,9 @@ use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Attribute\Route;

-#[Route(path: '/backoffice/elimination')]
 final class PrepareEliminationController extends AbstractController
 {
-    #[Route('/prepare', name: 'app_prepare_elimination')]
+    #[Route('/backoffice/elimination/prepare', name: 'app_prepare_elimination')]
    public function index(): Response
    {
        return $this->render('prepare_elimination/index.html.twig', [
--- a/src/Controller/QuizController.php
+++ b/src/Controller/QuizController.php
@@ -84,14 +84,9 @@ final class QuizController extends AbstractController
        $candidate = $candidateRepository->getCandidateByHash($season, $nameHash);

        if (!$candidate instanceof Candidate) {
-            if ($season->isPreregisterCandidates()) {
-                $this->addFlash(FlashType::Danger, 'Candidate not found');
+            $this->addFlash(FlashType::Danger, 'Candidate not found');

-                return $this->redirectToRoute('app_quiz_entername', ['seasonCode' => $season->getSeasonCode()]);
-            }
-
-            $candidate = new Candidate(Base64::base64UrlDecode($nameHash));
-            $candidateRepository->save($candidate);
+            return $this->redirectToRoute('app_quiz_entername', ['seasonCode' => $season->getSeasonCode()]);
        }

        if ('POST' === $request->getMethod()) {
--- a/src/Controller/RegistrationController.php
+++ b/src/Controller/RegistrationController.php
@@ -0,0 +1,93 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Controller;
+
+use App\Entity\User;
+use App\Form\RegistrationFormType;
+use App\Repository\UserRepository;
+use App\Security\EmailVerifier;
+use Doctrine\ORM\EntityManagerInterface;
+use Symfony\Bridge\Twig\Mime\TemplatedEmail;
+use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Bundle\SecurityBundle\Security;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
+use Symfony\Component\Routing\Attribute\Route;
+use Symfony\Contracts\Translation\TranslatorInterface;
+use SymfonyCasts\Bundle\VerifyEmail\Exception\VerifyEmailExceptionInterface;
+
+final class RegistrationController extends AbstractController
+{
+    public function __construct(private readonly EmailVerifier $emailVerifier, private readonly TranslatorInterface $translator) {}
+
+    #[Route('/register', name: 'app_register')]
+    public function register(
+        Request $request,
+        UserPasswordHasherInterface $userPasswordHasher,
+        Security $security,
+        EntityManagerInterface $entityManager,
+    ): Response {
+        $user = new User();
+        $form = $this->createForm(RegistrationFormType::class, $user);
+        $form->handleRequest($request);
+
+        if ($form->isSubmitted() && $form->isValid()) {
+            /** @var string $plainPassword */
+            $plainPassword = $form->get('plainPassword')->getData();
+
+            $user->setPassword($userPasswordHasher->hashPassword($user, $plainPassword));
+
+            $entityManager->persist($user);
+            $entityManager->flush();
+
+            // generate a signed url and email it to the user
+            $this->emailVerifier->sendEmailConfirmation('app_verify_email', $user,
+                (new TemplatedEmail())
+                    ->to((string) $user->getEmail())
+                    ->subject($this->translator->trans('Please Confirm your Email'))
+                    ->htmlTemplate('registration/confirmation_email.html.twig')
+            );
+
+            $response = $security->login($user, 'form_login', 'main');
+            \assert($response instanceof Response);
+
+            return $response;
+        }
+
+        return $this->render('registration/register.html.twig', [
+            'registrationForm' => $form,
+        ]);
+    }
+
+    #[Route('/verify/email', name: 'app_verify_email')]
+    public function verifyUserEmail(Request $request, TranslatorInterface $translator, UserRepository $userRepository): Response
+    {
+        $id = $request->query->get('id');
+
+        if (null === $id) {
+            return $this->redirectToRoute('app_register');
+        }
+
+        $user = $userRepository->find($id);
+
+        if (null === $user) {
+            return $this->redirectToRoute('app_register');
+        }
+
+        // validate email confirmation link, sets User::isVerified=true and persists
+        try {
+            $this->emailVerifier->handleEmailConfirmation($request, $user);
+        } catch (VerifyEmailExceptionInterface $verifyEmailException) {
+            $this->addFlash('verify_email_error', $translator->trans($verifyEmailException->getReason(), [], 'VerifyEmailBundle'));
+
+            return $this->redirectToRoute('app_register');
+        }
+
+        $this->addFlash('success', 'Your email address has been verified.');
+
+        return $this->redirectToRoute('app_backoffice_index');
+    }
+}
--- a/src/DataFixtures/KrtekFixtures.php
+++ b/src/DataFixtures/KrtekFixtures.php
@@ -21,7 +21,6 @@ class KrtekFixtures extends Fixture

        $season->setName('Krtek Weekend')
            ->setSeasonCode('krtek')
-            ->setPreregisterCandidates(true)
            ->addCandidate(new Candidate('Claudia'))
            ->addCandidate(new Candidate('Eelco'))
            ->addCandidate(new Candidate('Elise'))
--- a/src/Entity/Season.php
+++ b/src/Entity/Season.php
@@ -27,9 +27,6 @@ class Season
    #[ORM\Column(length: 5)]
    private string $seasonCode;

-    #[ORM\Column]
-    private bool $preregisterCandidates;
-
    /** @var Collection<int, Quiz> */
    #[ORM\OneToMany(targetEntity: Quiz::class, mappedBy: 'season', cascade: ['persist'], orphanRemoval: true)]
    private Collection $quizzes;
@@ -81,18 +78,6 @@ class Season
        return $this;
    }

-    public function isPreregisterCandidates(): bool
-    {
-        return $this->preregisterCandidates;
-    }
-
-    public function setPreregisterCandidates(bool $preregisterCandidates): static
-    {
-        $this->preregisterCandidates = $preregisterCandidates;
-
-        return $this;
-    }
-
    /** @return Collection<int, Quiz> */
    public function getQuizzes(): Collection
    {
@@ -158,4 +143,9 @@ class Season

        return $this;
    }
+
+    public function isOwner(User $user): bool
+    {
+        return $this->owners->contains($user);
+    }
 }
--- a/src/Entity/User.php
+++ b/src/Entity/User.php
@@ -10,6 +10,7 @@ use Doctrine\Common\Collections\Collection;
 use Doctrine\ORM\Mapping as ORM;
 use Symfony\Bridge\Doctrine\IdGenerator\UuidGenerator;
 use Symfony\Bridge\Doctrine\Types\UuidType;
+use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity;
 use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
 use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Uid\Uuid;
@@ -17,6 +18,7 @@ use Symfony\Component\Uid\Uuid;
 #[ORM\Entity(repositoryClass: UserRepository::class)]
 #[ORM\Table(name: '`user`')]
 #[ORM\UniqueConstraint(name: 'UNIQ_IDENTIFIER_EMAIL', fields: ['email'])]
+#[UniqueEntity(fields: ['email'], message: 'There is already an account with this email')]
 class User implements UserInterface, PasswordAuthenticatedUserInterface
 {
    #[ORM\Id]
@@ -40,6 +42,9 @@ class User implements UserInterface, PasswordAuthenticatedUserInterface
    #[ORM\ManyToMany(targetEntity: Season::class, mappedBy: 'owners')]
    private Collection $seasons;

+    #[ORM\Column]
+    private bool $isVerified = false;
+
    public function __construct()
    {
        $this->seasons = new ArrayCollection();
@@ -140,4 +145,21 @@ class User implements UserInterface, PasswordAuthenticatedUserInterface

        return $this;
    }
+
+    public function isVerified(): bool
+    {
+        return $this->isVerified;
+    }
+
+    public function setIsVerified(bool $isVerified): static
+    {
+        $this->isVerified = $isVerified;
+
+        return $this;
+    }
+
+    public function isAdmin(): bool
+    {
+        return \in_array('ROLE_ADMIN', $this->getRoles(), true);
+    }
 }
--- a/src/Form/RegistrationFormType.php
+++ b/src/Form/RegistrationFormType.php
@@ -0,0 +1,56 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Form;
+
+use App\Entity\User;
+use Symfony\Component\Form\AbstractType;
+use Symfony\Component\Form\Extension\Core\Type\EmailType;
+use Symfony\Component\Form\Extension\Core\Type\PasswordType;
+use Symfony\Component\Form\FormBuilderInterface;
+use Symfony\Component\OptionsResolver\OptionsResolver;
+use Symfony\Component\Validator\Constraints\Length;
+use Symfony\Component\Validator\Constraints\NotBlank;
+use Symfony\Contracts\Translation\TranslatorInterface;
+
+/**
+ * @extends AbstractType<User>
+ */
+class RegistrationFormType extends AbstractType
+{
+    public function __construct(private readonly TranslatorInterface $translator) {}
+
+    public function buildForm(FormBuilderInterface $builder, array $options): void
+    {
+        $builder
+            ->add('email', EmailType::class, [
+                'label' => $this->translator->trans('Email'),
+                'attr' => ['autocomplete' => 'email'],
+            ])
+            ->add('plainPassword', PasswordType::class, [
+                'label' => $this->translator->trans('Password'),
+                'mapped' => false,
+                'attr' => ['autocomplete' => 'new-password'],
+                'constraints' => [
+                    new NotBlank([
+                        'message' => 'Please enter a password',
+                    ]),
+                    new Length([
+                        'min' => 8,
+                        'minMessage' => 'Your password should be at least {{ limit }} characters',
+                        // max length allowed by Symfony for security reasons
+                        'max' => 4096,
+                    ]),
+                ],
+            ])
+        ;
+    }
+
+    public function configureOptions(OptionsResolver $resolver): void
+    {
+        $resolver->setDefaults([
+            'data_class' => User::class,
+        ]);
+    }
+}
--- a/src/Repository/SeasonRepository.php
+++ b/src/Repository/SeasonRepository.php
@@ -5,6 +5,7 @@ declare(strict_types=1);
 namespace App\Repository;

 use App\Entity\Season;
+use App\Entity\User;
 use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository;
 use Doctrine\Persistence\ManagerRegistry;

@@ -17,4 +18,15 @@ class SeasonRepository extends ServiceEntityRepository
    {
        parent::__construct($registry, Season::class);
    }
+
+    /** @return list<Season> Returns an array of Season objects */
+    public function getSeasonsForUser(User $user): array
+    {
+        $qb = $this->createQueryBuilder('s')
+            ->where(':user MEMBER OF s.owners')
+            ->orderBy('s.name')
+            ->setParameter('user', $user);
+
+        return $qb->getQuery()->getResult();
+    }
 }
--- a/src/Repository/UserRepository.php
+++ b/src/Repository/UserRepository.php
@@ -22,7 +22,9 @@ class UserRepository extends ServiceEntityRepository implements PasswordUpgrader
        parent::__construct($registry, User::class);
    }

-    /** Used to upgrade (rehash) the user's password automatically over time. */
+    /** Used to upgrade (rehash) the user's password automatically over time.
+     * @param User $user
+     * */
    public function upgradePassword(PasswordAuthenticatedUserInterface $user, string $newHashedPassword): void
    {
        $user->setPassword($newHashedPassword);
--- a/src/Security/EmailVerifier.php
+++ b/src/Security/EmailVerifier.php
@@ -0,0 +1,52 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Security;
+
+use App\Entity\User;
+use Doctrine\ORM\EntityManagerInterface;
+use Symfony\Bridge\Twig\Mime\TemplatedEmail;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\Mailer\MailerInterface;
+use SymfonyCasts\Bundle\VerifyEmail\Exception\VerifyEmailExceptionInterface;
+use SymfonyCasts\Bundle\VerifyEmail\VerifyEmailHelperInterface;
+
+class EmailVerifier
+{
+    public function __construct(
+        private readonly VerifyEmailHelperInterface $verifyEmailHelper,
+        private readonly MailerInterface $mailer,
+        private readonly EntityManagerInterface $entityManager,
+    ) {}
+
+    public function sendEmailConfirmation(string $verifyEmailRouteName, User $user, TemplatedEmail $email): void
+    {
+        $signatureComponents = $this->verifyEmailHelper->generateSignature(
+            $verifyEmailRouteName,
+            (string) $user->getId(),
+            (string) $user->getEmail(),
+            ['id' => $user->getId()]
+        );
+
+        $context = $email->getContext();
+        $context['signedUrl'] = $signatureComponents->getSignedUrl();
+        $context['expiresAtMessageKey'] = $signatureComponents->getExpirationMessageKey();
+        $context['expiresAtMessageData'] = $signatureComponents->getExpirationMessageData();
+
+        $email->context($context);
+
+        $this->mailer->send($email);
+    }
+
+    /** @throws VerifyEmailExceptionInterface */
+    public function handleEmailConfirmation(Request $request, User $user): void
+    {
+        $this->verifyEmailHelper->validateEmailConfirmationFromRequest($request, (string) $user->getId(), (string) $user->getEmail());
+
+        $user->setIsVerified(true);
+
+        $this->entityManager->persist($user);
+        $this->entityManager->flush();
+    }
+}
--- a/src/Security/Voter/SeasonVoter.php
+++ b/src/Security/Voter/SeasonVoter.php
@@ -0,0 +1,48 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Security\Voter;
+
+use App\Entity\Season;
+use App\Entity\User;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authorization\Voter\Voter;
+
+final class SeasonVoter extends Voter
+{
+    public const string EDIT = 'SEASON_EDIT';
+
+    public const string DELETE = 'SEASON_DELETE';
+
+    protected function supports(string $attribute, mixed $subject): bool
+    {
+        return \in_array($attribute, [self::EDIT, self::DELETE], true)
+            && $subject instanceof Season;
+    }
+
+    /** @param Season $subject */
+    protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
+    {
+        $user = $token->getUser();
+        if (!$user instanceof User) {
+            return false;
+        }
+
+        if ($user->isAdmin()) {
+            return true;
+        }
+
+        switch ($attribute) {
+            case self::EDIT:
+            case self::DELETE:
+                if ($subject->isOwner($user)) {
+                    return true;
+                }
+
+                break;
+        }
+
+        return false;
+    }
+}